25 Oct
2009
25 Oct
'09
9:06 p.m.
Am 25.10.2009 um 10:57 schrieb Scott Ritchie:
Many apps don't need to view the user folder for documents but also employ programmable scripting engines - a good example are games. It would be much more convenient to pass some sort of "sandbox me, allow network, deny home folder access" switch to Wine than to muck about with stuff like AppArmor profiles.
The usual reply to this is that Windows apps in Wine can just issue Linux system calls, so any Wine-based sandboxing is security by obscurity. You need something at the syscall layer.